> Every single Australian's ID will have to be verified (in order to confirm their age). > > Depending on the degree of cooperation (/coercion) the Australian government has with social media companies, the Aus Govt will be able to access citizen social media data with relative ease. So no more pseudo anonymous accounts (or, at least, they'll be made more difficult, especially for non-technical folk).
This isn't a given. It is quite possible to build a reasonably anonymous system to verify age at signup.
As a simplified model: the government creates a website where with your government id/login, they will give you an age-verification-valid-for-5-minutes token - basically just "holder is 16+" signed with their signature & the current time. Websites request a new valid token at signup. End result is that government only knows you're _maybe_ doing _something_ 16+, and the website doesn't know who you are, just that you're old enough (this is clearly improveable, it's just a basic example).
Whether anything like this will be implemented is a hard question of course. The current alternatives I've seen seem to be a fully privatised version of this, where a private company has a video call where you hold up your ID - that eliminates the government, but seems like a whole bunch of privacy concerns in itself too (not to mention being wildly inefficient & probably not very reliable).
This comes up on every single HN thread about the topic, but I don’t understand how people aren’t seeing the obvious abuse angle:
Create a market for anonymous age verification tokens. People pay $5 to someone to create an age authorization for them. 17 year old kid (who is old enough under this law) spends all day creating anonymous age auth tokens to sell to people who want them.
Entire system subverted with profit motive.
The next phase of the argument is to argue for rate limiting or extra logging, but the more you force that the more you degrade privacy or introduce unreasonable restrictions. “Sorry, I can’t sign up for the wiki today because I already used my quota of 2 government age checks today”. Still leaves plenty of room for 17 year old kids to earn $10 a day farming out their age checks.
The entire argument that anonymous crypto primitive will solve this problem is tiresome.
this is the same argument as "why have government id cards, someone could just use a fake beard and use their older classmates id". Any system allows for some gaps, similar to how creditcard transactions make transactions safer but on either side of that transaction there some "insurance" and some leeway if someone really wanted to.
Why not lock device/accounts as minor and put onus on school and parents to ensure devices are appropriately tagged? At least for pre-teens I strongly think it shall work.
Because it will take about 1 month till there is some service the parents will want the kids to use that wont be available on such device (a kids show, a kids game, a page necessary for homework). So, they will have strong motivation to not label them as such.
This is one of the main motivating examples for attribute-based credentials, which provably only reveal the selected attribute to verifiers.
You’re right that it’s possible, absolutely. The problem is the government would first have to want to do that. If they’re planning to hoover up social media usage data then they probably won’t.